First published: Tue Jan 28 2020(Updated: )
libxml2. A buffer overflow was addressed with improved size validation.
Credit: Ranier Vilela Ranier Vilela Ranier Vilela Ranier Vilela Ranier Vilela Ranier Vilela Ranier Vilela product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iCloud for Windows | <7.17 | 7.17 |
Apple iTunes for Windows | <12.10.4 | 12.10.4 |
Apple iCloud for Windows | <10.9.2 | 10.9.2 |
Apple watchOS | <6.1.2 | 6.1.2 |
Apple macOS Catalina | <10.15.3 | 10.15.3 |
Apple Mojave | ||
Apple High Sierra | ||
Apple tvOS | <13.3.1 | 13.3.1 |
Apple iOS | <13.3.1 | 13.3.1 |
Apple iPadOS | <13.3.1 | 13.3.1 |
Apple Icloud Windows | <7.17 | |
Apple Icloud Windows | >=10.0<10.8 | |
Apple Itunes Windows | <12.10.4 | |
Apple iPadOS | <13.3.1 | |
Apple iPhone OS | <13.3.1 | |
Apple Mac OS X | <10.15.3 | |
Apple tvOS | <13.3.1 | |
Apple watchOS | <6.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)
CVE-2020-3846 is a vulnerability in libxml2 that allows for a buffer overflow due to insufficient size validation.
CVE-2020-3846 affects Apple tvOS versions up to and excluding 13.3.1.
CVE-2020-3846 affects Apple watchOS versions up to and excluding 6.1.2.
The remedy for CVE-2020-3846 in Apple software is to update to the specified fixed versions: Apple tvOS 13.3.1, Apple watchOS 6.1.2, Apple iTunes for Windows 12.10.4, Apple iCloud for Windows 7.17, Apple iOS 13.3.1, Apple iPadOS 13.3.1, Apple macOS Catalina 10.15.3.
You can find more information about CVE-2020-3846 on the Apple support website at the following links: [link1], [link2], [link3].